Security Risk and Compliance Director

Location: CityScape

What you'll do:

The Director of Security and Privacy Compliance is vested with the authority to facilitate the development, implementation, and maintenance of an effective enterprise information security and privacy program whose capabilities are within the upper quartile of banks. The primary objective is to lead a team that provides security and privacy governance, reporting and supporting activities that ensure compliance with the bank's security and privacy policies while complying with relevant regulations, state and federal law and industry frameworks.

Reporting directly to the Chief Information Security Officer, the Director will ensure adherence to FFIEC, NIST control frameworks, and all applicable financial services regulatory requirements, and will prepare reporting on program effectiveness for risk committees, the Board of Directors, and regulators. The role involves identifying, evaluating, and reporting on legal, regulatory, IT, third-party, cybersecurity and privacy risks to information assets.

The Director will work closely with various business units, IT teams, and senior management to develop and implement comprehensive security and privacy governance strategies, policies, and procedures that align with the bank's risk appetite and business objectives.

- Design, implement and maintain the bank's privacy program, policies and procedures aligned with GLBA and regulatory requirements.
- Support governance activities of the information security program that ensure appropriate levels of confidentiality, integrity and availability are applied and maintained to protect restricted and confidential data stored, transmitted or processed by the organization.
- Establish standards for data classification, access controls, and data lifecycle management to safeguard restricted personally identifiable information (PII) and confidential financial data.
- Provide reporting on the information security and privacy program to enterprise risk teams, senior business leaders, and the board of directors. Reporting would include all FFIEC, GLBA and state regulatory requirements.
- Partner effectively with second- and third-line risk organizations and business units to facilitate security and privacy risk assessments and risk management processes aligned with the bank's risk appetite.
- Partner with the business and risk owners to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable regulatory requirements, such as state data privacy laws.
- Define and facilitate the processes for information security and privacy risk assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Maintain the cyber incident response plan to ensure that business-critical services are recovered in the event of a security event; provide support and in-house consulting in these areas.
- Facilitate an information security governance structure through the support and oversight of the security program, including the facilitation of the security risk steering committee.
- Develop, maintain, socialize, and coordinate approval of security and privacy governance policies.
- Direct the creation of a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program.

What you'll need:

- Minimum of 12+ years of enterprise-level experience in a senior leadership role for a regulated financial services firm, focusing on risk management, information security, and regulatory compliance.
- A Bachelor's degree with a focus in a business or technical area is required. A Master's degree in cybersecurity or computer science is a plus.
- Intermediate to advanced knowledge of general Financial Services or
Job ID: 475074436
Originally Posted on: 4/29/2025